Certbot is a tool to automatically receive and install X.509 certificates
to enable TLS on servers. It will interoperate with the Let's Encrypt CA
which issues browser-trusted certificates free of charge. It will:

- generate a private key and CSR (Certificate Signing Request)
- connect to the CA's API
- prove domain control to the CA
  (via listening on port 80 or placing a file in the web root)
- submit the CSR
- if approved, install keys locally

Tools to automate webserver configuration may be packaged separately in
the future.
